top of page
  • Writer's pictureotw

Linux Basics for Hackers, Part 14: Using the curl command to Download Web Site Source Code

Updated: Dec 28, 2022

Welcome back my aspiring cyber warriors!

Now that you have mastered the Basics of Linux, let's begin looking at some of the more esoteric but equally powerful Linux commands for the hacker.One of those key commands is curl or client URL. This command enables the Linux user to send and receive to a specified URL, among other things. This can be especially useful in downloading web site source code for analysis in your lab.

Step #1: curl help

Let's begin by looking at the curl help screen.

kali > curl -h

To see a more complete help screen, you can enter curl --help all.

In it's simplest form, curl simply targets a URL and then downloads its contents and displays it to your screen (standard output). Let's see what it can do when we use as our target.

kali > curl

As you can see, nothing happened. This is because the default settings in curl do not allow for a re-direct. Apparently, has a re-direct, so curl simply executes without downloading any data. We can enable re-directs in curl by using curl with the -L switch.

Let's try it again with the -L switch and see whether we get any output.

kali > curl -L

As you can see below, curl gathered all the source code from the URL and displays it to my screen (stdout).

This output is not very convenient for analysis. It would be much better and easier to work with to have the output sent to a text file. Let's try sending the output from this website to a file.

To do so, we use the -o switch followed by the file name where we want the code stored. In this case, I entered;

kali > curl -L -o hackers_website.html

This time, curl displays a table and progress bar as it downloads the contents of the page. Now when we open that file with the more command, we can see the contents of that page.

kali > more hackers_website.html

Step #3: Using curl Anonymously

In some cases, we may want to gather data or source code anonymously. In that case, we can use a proxy in our curl command to send the command through a specified proxy such as:

kali > curl -x <proxy IP>:<proxy port> <target URL>

To access source code anonymously from a proxy at using port 999, we can simply enter;

kali > curl -x -L

Step #4: Using curl to Send Data

In addition to pulling data from URL's, curl can also push data to URL's. For instance, the website allows you to send data to their service in order to send fake SMS messages. In this case, we can use curl to send both the phone number and the message to their site and they will send the fake text message to the target such as;

kali > sudo curl -X POST --data-urlencode phone='12152749318' --data-urlencode message='Hurry to St. Thomas Hospital! Your wife has been in a terrible accident!' -d key=<API key>

For more on sending fake SMS messages, go to How To Create a Fake SMS.


curl is one of those commands in Linux that is often overlooked by beginners but can be a powerful tool in the hands of an experienced Linux user. Is is capable of both sending and receiving data across the Internet and a few minutes invested in learning it subtleties will pay big dividends. Probably it widest use among hackers is downloading source code from web sites for analysis.


Recent Posts

See All
bottom of page